Does Watchtower only check for Heartbleed?

jd4840
jd4840
Community Member
edited February 2017 in Mac

TL;DR - Why is it that watchtower.agilebits.com only checks for Heartbleed?

I'm confused. After the Cloudflare event, I was under the impression Watchtower keeps track of all breaches once verified by Agile Bits.
Any time I click the red bar on the Watchtower vulnerability alert, I am taken to the watchtower.agilebits.com site. There, the site's vulnerability to Heartbleed is all that appears to be assessed.

That can't be all that watchtower checks, right? I assumed Watchtower was up on all breaches (like the 800,000 vBulletin <v4.2.2 that came to pass this morning where a list of all sites affected was conveniently up on pastebin).

I'm not being critical. I just want to understand what Watchtower does. I know this was discussed some in the Cloudflare thread but I'm not satisfied in my understanding of what Watchtower does and how much I should trust it.


1Password Version: 6.6 (660013)
Extension Version: 4.6.3
OS Version: OS X 10.10.5
Sync Type: Not Provided

Comments

  • Hi @jd4840,

    Watchtower was originally developed for Heartbleed, and the website for it does a poor job of explaining that it can do more than just heartbleed checks. We've been adding sites to it that have been confirmed to have been impacted by Cloudbleed. Some sites are posting massive lists of sites, basically anything associated with Cf, but what they aren't taking into consideration is that most sites on those lists were only using Cf for DNS services.

    If you're finding sites that aren't showing as being affected in Watchtower but you know for a fact that they were impacted by it, please let us know what site that is and what you're basing this off of. We're looking on our side for more to add.

    Rick

This discussion has been closed.